Security & Trust
Your calls, recordings, and client data are handled with the same care we expect for our own. Here is exactly how we protect what matters to your business.
Enterprise infrastructure
CareDesk™ runs on Lovable Cloud — a SOC 2 Type II and ISO 27001 certified platform. Your data lives on hardened infrastructure with automated backups, encrypted storage, and strict access controls.
Encrypted call recordings
Every call recording is encrypted at rest and in transit. Access is role-based — only you, your assigned agents, and authorized team members can listen or download. We never share recordings with third parties.
US-based agents under NDA
Every CareDesk™ specialist is based in the United States and bound by a signed non-disclosure agreement. They are trained on your scripts and operate as an extension of your brand — not an outsourced call floor.
GDPR-aligned data handling
We collect only what we need to answer calls and book leads. You can request data export or deletion at any time. Our retention policies are documented and transparent.
Transparent access controls
Your dashboard shows exactly who accessed what. Owners control team permissions. Agents see only the clients and calls assigned to them. No shadow admin accounts, no back doors.
No long-term data lock-in
Your call history, transcripts, and client profiles belong to you. Export everything at any time. Cancel anytime — your data is retained securely for a reasonable period, then purged permanently.
What we do not do
- We do not sell or share your call data with advertisers, data brokers, or third-party AI model trainers.
- We do not store payment card numbers — billing is handled by Stripe, a PCI-DSS Level 1 certified provider.
- We do not use your call recordings to build generic AI models. Transcripts are used solely to serve your account.
- We do not offer access to your data outside the authenticated dashboard and secure API endpoints.